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(57) Abstract 

A system and method for 
preventing unauthorized use of a 
remotely operated system, by using 
sophisticated bi-directiona! verification 
schemes. The bi-directional verification 
schemes are based on random challenge 
and response between a mobile station 
and a cellular network. The cellular 
network discriminates between "pirate" 
mobile stations and mobile stations 
authorized to use the cellular network. 
The security afforded by bi-directional 
verification is applied to a system and 
method for use in conjunction with 
remotely operated systems, including one 
or more pieces of application equipment 
of a home automation system. 
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TITLE: SECURE EQUIPMENT AUTOMATION USING A PERSONAL 

BASE STATION 

FIELD OF THE INVENTION : 

The invention relates to secure data transfer and 
data encryption and specifically application of a secure data 
transfer and data encryption method and system in an 
automation system such as a home automation system. 

BACKGROUND OF THE INVENTION : 

Many systems in homes and in automobiles are 
operated remotely using low-power radio transmitters, some of 
which comply with FCC Part 15 rules . Examples of remotely 
operated systems include garage door openers and intruder 
alarm disable switches. Although these systems, like modern 
cordless telephones, employ some basic security encoding of 
their transmitted signals, they have some pitfalls. For 
example, the basic security coding on remotely operated 
systems may be easily duplicated. 

Typically, remotely operated systems include a 
transmitter and a* receiver, each -having- the- same -security code- 
programmed onto it. ■ The ..security > ...code *-i-s identical on each 
transmission between .the, ^ transmitter a P£*..,.- re< r e ^y. er ' is 
transmitted, at a low rate, and has a very limited number of 
separate code combinations possible (typically up to 2 15 >) . 
This basic security code- 1 is' easily duplicated by intercepting 
a transmission from : the transmitter, or by,- " tumbling," .the 
security code in a duplicate transmitter. - 

In addition*- to the problem of transmitter 
duplication, there is ■ typically no" verification of the 
transmitter by the receiver. Thus, if a duplicate or pirate 
transmitter is created in . one of" the aforementioned ways, 
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there- "is no ;.way .for the' receiver to distinguish the duplicate 
- transmitter from .=a legitimate transmitter by. interrogation, 
because the : radio" link operates in one direction only. 

Some improved transmitters have been designed to 
5 . attempt ' to' overcome- these defects.;, by- using a "rolling .code'! 
: which changes -.each" .time the transmitter is successfully used. 
. • However, these ■ improved' transmitters are still vulnerable to 
duplication because there is : no ., bi-directional verification of 
the transmitter. This situation- is; similar - to that which 
10 currently exists in:. . cellular, -systems, , where duplication of a- 
mobile .'-station.Vs- -identification-- number.. (MIN) - and . its 
electronic serial number ■ ,( ESN) in a "pirate" mobile station 
allows calls to.' be made on the ,-pirate mobile station which are 
then- charged to the- account of a _ legitimate user. 

15 

SUMMARY OF THE INVENTION : 

"In order to. overcome problems of unauthorized use of 
a ■ remotely operated system, sophisticated bi-directional 
verification schemes : have , been ■ introduced into cellular . .phone 

20 standards. These bi-directional verification schemes are 
based on random challenge and response between the mobile 

station -and -the -cellular _ network;.. _ Each_the jnobile., s.tat ion _a_n_d_ 

the cellular network contain • shared- secret, .information, which 
may include a MIN, an ESN, and. an authentication, key. During 

25 the challenge, data -is transmitted to the mobile station .and a ■ 
signed response from the mobile station is expected. The 
' sighed response is based on the- shared secret data known only 
to the mobile station and the . cellular network. If . the ..signed 
•response from the mobile station matches; the calculated value 

30 at the cellular network, the mobile station is allowed to use 
the network. If the signed response is not the same as that 
calculated at.-- the cellular network, the mobile station is 
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rejected. 1 In -this manner, the cellular 'network can 

discriminate between-' • "pirate" mobile stations and .'the .mobile 
stations authorized to use the cellular network.- : 

"It is an object of the present invention to apply 
5 * bi-directional verification to a personal- :base station for use 

- " in conjunction with remotely - operated --systems. It is a 

further object of the invention to implement' a personal base 
'station for -'control of at- least . one -piece of application 
-equipment and for : home automation. " t ~~ ... _ - 

10 - The personal ' : base r station includes ,- a radio 

' transceiver which receives and-i ^transmits da.ta, ^ such as 
commands, between a mobile : -station . and a personal base 
station. A' security -module is coupled . to the radio 

transceiver ' and authenticates the identity .-.of' -the ..mobile 

15 station using cellular bi-directional verification. An 
application interface is coupled to the radio transceiver, the 
security module, and application equipment; The application 
interface transla-tes data between the radio transceiver and 
the application equipmeht' when permitted based on output from 

20 the security rfiodule. 

BRIEF DESCRIPTION OF THE DRAWINGS : 

•These and othe'r^ ■ ob j ects ,' features, and advantages 
will become more fully appreciated with reference to the 
25 accompanying drawings and detailed description. ■ 

Fig. 1 depicts a personal base- .. station with 
interfaces to a mobile ■ -'station, a wired network, and. one or 

- more a home automation devices. . ■ , •■ 

Fig. 2 depicts —an embodiment: .of the;- application 
30 ! interface within a personal base station. ■ . ! „- - 

Fig. 3' depicts- a mobile station capable of 
communication between* a 'personal base station when within 
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, ,-range of. the - -personal base station .. - : an.d a cellular; .base 
station. 

■: ■ • Fig.' -4 .depicts a method for transmitting data, 

including;: commands,. frqm : a either a, : mobile station or a_ .wired 
5 • network to application- equipment .■ „ . 

Fig.; 5 depicts a method, of transmitting data between 
a mobile -station -or, a wired .' network and a personal base 
■station, in which - the application; interface of the personal 
■base station monitors.; and controls -applica-tion equipment, 

10 . : " • : ! - . t : •-■ .;, 

: DETAILED DESCRIPTION OF THE INVENTION : 

Fig. 1 depicts a personal base . station 12. The 

• .-personal base station , .12 -includes, a . radio .transceiver, 14, a 

■ security module 16, -a baseband processing and telephony 

15j interface -18, a network interface £0 , and an application 

interface .22. The radio transceiver 14 demodulates and 

/decodes signals transmitted from a .remote mobile station 10. 

s't Demodulation ..and - decoding may be performed by many methods, 

including the commonly used and widely known GSM technique, 

2.0.1:.. -and the- techniques" ..described : in- the Telecommunication 

Industries Association (TIA) and Electronic Industries 

- -- Association- (-EIA-) -standa-rds -I-S--136 -1 , -IS--13.6 .-2-, - IS--95, - and- IS- 

91. • 

i ■ ,;v A baseband processor and telephony interface. 18 is 

2-5 coupled between a wired network 24, a radio transceiver 14 and 
-,.n;the network interface 20. . The baseband, processing and 

■ -telephony interface-, 18 _ receives signals from and transmits 

■ signals to the wired network 24 in a. well known manner. The 
;i\ network interface 20 is coupled to^the security module 16 and 

30:: the application interface 22. The network .interface 20 
converts .signals received from the baseband processing and 
- telephony interface 18 to data, and converts .data to signals 
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for ' transmission- from the' baseband - processing and telephony 
interface 18. - 
'■ ~ ' : ' - *' The ' security " module 16 is coupled to the radio 

transceiver 14, ' the' ■ application interface *22 •' and 'the network 
5 interface 20. The security module - 1 ! *6 performs bi-directional 
verification of the mobile • station • 1-0 and initiates and 
responds' to challenges fronv : -the mobile station 10. The 
' technique of bi-directional - : verif icatiori may be based on a 
technique specified by the -GSM' standard, bf on a technique as 

10 described in TIA and EIA standards IS-136.1, IS-136.2, IS-95V 
and IS-91, hereby incorporated, by-, ' reference ''-herein . " The 
security module 16 also- per forms verification of a terminal at 
a wired network - 2.4 'and may be accomplished numerous techniques 
including the ' TIA and- EIA Aker standard. Once' the 

15' authenticity of the identity of a mobile- station* ■ 10 oxi 
terminal ' at a wired ; network 24 has been - -established, the 
security moduie. 16 produces an output' indicating whether or 
• not the mobile station 10 or terminal at wired ' network 24 .. is 
authentic. 1 " ■ 

20 The application interface 22' is coupled -to the radio.. 

transceiver 14 and the security module 16, and is ; ' connect able 
to one or more pieces of application equipment 26. The 
application interface 22 translates data, which may include 
commands, between the mobile- station 10 or wired network 24 

25 and "the application equipment 26,' when permitted based' 1 on the 
output of the : ' security module 16. ' The - application equipment 
2 6 may include a single device such as a- garage door open'er ox 
a vast array of devices including a "home • security ' system, 
lights, vatious household appliances, and subsystems -within 

30 the- "house such as' the heating and cooling, .systems- The 
application interface 22 can operat-e. .simply'- as- a translator of 
data, including commands, issued by a mobile' station 1:0 ■ or a 



.BNSDOCID: <WO 9816080A2J_> 



\V0 98/16080 PCT/US97/17553 



wired network 24 -to ' appiicatibri equipment • 26 . Conversely/ the 
application Interface 22' can also be more complex, supporting 
" continuous- monitoring 'and controlling of application 'equipment 
: 26~ and -'supporting* modification-- of ; the application" interface 22 
5 remotely .' via' a mobile "-. station 10 ' : or ' a wired ' network* 24 
■' ' properly authenticated by ■ the- 'security module 16. 

Home '"'automation systems :) which continuously' monitor 
■ '" - and -control applicatibn equipment- and- which- are suited- to 
3; implement' an ' application ''interface' are ■ well-known . ':' U.S. 
10'- Patent No-. S, 086, 385, hereby ' incorporated by reference - herein, 
- - is directed" to an expandable- home automation' system making' use 
of the well known smart house ; and : '"'CEBUS ' data buses-. U.S. 
Patent~No. 5,218,552/ he'reby incorporated by reference herein, 
is directed : to a ; cdntrbl apparatus- 'for use in r -a dwelling. *•-• 
15 : ' ■ The use of a -home automation system to implement an 

' ' application interface : 22 of a personal ■ base^ station 12 allows 
secure "remote *' access' to a home 1, automation system using a 
mobile station- 10 or a 'wired- network 24. : Bi-directional 
verification of the"' mobile station 10 or user at' a wired 
20 network -24 by the security module 16 creates- the secure remote 
access-. When implemented" for home . automation, ; the personal 
~ - base "station 12" may" notify a" user " either via a mobile" station" 
10 or via a wired network 24 that there is a problem with the 
application equipment 26. -For example, if : a- security system, 
25 monitored and controlled by the application interface- 22 is 
set off/"the application interface 22- of the - base station 12 
may initiate a page of the user via r a mobile station 10 or the 
wire*d network 24.' --'Such page will incorporate bi-directional 
verification of the -mobile station-* 10 "^or the wired network 24 
30 using ' ■ security module- 16 to ensure "the" identity ; of the 
receiving unit, if the user is at the mobile ^station 10 or at 
the wired network 24, the user may receive - notification of the 
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> -disturbance' and; take action by either issuing a : command to the 
■ personal base, station 12 -.or perhaps . ..call.ing jthe ; police or 
•-returning home. •..Furthermore, , i : f . either the -.mobile . station 10 
or the wired network 24 : is . in use, .the personal .base station 
5 12 may page the one -not in use to t report information. ^ 

Fig. 2 depicts .a simplified, vie.w of., an embodiment of 
the application .interlace. 22 within. ^ r personal base station 
12.- The personal base station, 12 has a radio transceiver 14, 
• a security module' 16, ^and- an ^application interface 22. - The 
10 application, interface - 22 ,has a decoder-. 30 -coupled to a .relay 
, 32'. The radio, transceiver 14 is^ ( .coupled- to. the security 
module.: 16 and the decoder 30. The, security module 16 is 
coupled to. the .decoder and to -the., ..radio transceiver 14. A 
garage door opener 34 is shown ...coupled to the relay 34 for 
15.. purposes of example. -However, the application equipment 26. 
- . coupled to the application interface .22 cpuld be any 
conceivable .device, including devices .outside. of the home,, for 
example a car-door opening ..device, a device for starting, a 
car, and a home security -system, to r name a few devices. - 
20- .A- user at a - mobile station 10 may gain command 

control over the garage , door . ope.n.er . 34 by .activating a mobile 
station 10. The radio transceiver 14 ..at • the . personal base 
* station 12 will receive transmissions from the mobile .station 
10 and the security module 16 will then conduct bi-directional 
25*... verification of the transmitter to verify the identity of the 
mobile station. 10. This .process may include the -personal base 
station-: 12 issuing- and/or responding to challenges from . the 
mobile station. 10... If the mobile .station 10 is not .verified 
to be authentic-,-: the security module.,, outputs a signal -.tp the 
30. decoder 34 which indicates that -data , ^including . commands/ from 
the. mobile station 10 are ., to be igpared. If tlje mobile 
stat-ion 10 is recognized, the security module 16 outputs a 
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signal- -to- 'the decoder- 3:0: indicating that the mobile station 10 

■ 'is- valid. ' j : : * - . ; • . . ..: • 

■ Shoe" validated, a-. user, at the? mpbile station 10. may 
issue data, including commands', from 1 the mobile, station 10. 
5 '"' Data issued is received by -.i the radio transmitter 14 and. passed 
' to the decoder 30. The ■ decoder ;. 30 decodes the data from the 
radio transmitter 14 and the . secarity. ; module 16 and, based on 
this data, activates the garage.'. door ropener 34 via the -relay 
- 32. : ' ; - ■ ■ ■• 

. In -Fig.- 3, a. personal"- base station 12, as shown in 

' ! -Fig. 1, is depicted in close proximity to a> -cellular network 
v 36v The personal base - station- 12. is coupled to ^ a. wired 
•network • 24 which,' for purposes of this example, will be 
assumed' to be~a : PSTN. The cellular network 36 is also coupled 
15 to a wired network- '24-- which, .may-; implement a PSTN. When a 
;: ' mobile- 1 ' station 10 'is in ciose proximity to the personal base 
: station 12, the' ' mobile- : station 10, fusing * bi-directional 
vex if idation, 'will transmit to and receive signals from the 
■' " personal base station * 12 . The radio- transceiver ; 14 ^of the 
20- " personal base station -12 receives -and, ..transmits signals to the 
"- 'mobile' ''station 10'. The security, 'module 16 -of the personal 
" 1 bas~e r - Station 12 verifies " the" identity- of "the "mobile- -station 
: 10.- " : " 'Subsequently , ' the radio transceiver . 14 . passes 
• r: '■' ! transmissions between ■• the mobile station 10, and %he wired 
25 ' network 24" via' the'- baseband processing and telephony .interface; 

18. ■ in 'this 1 Way,— a mobile station 10. may access a land-line 
' telephone network through , a personal base station 12. ; 

• Once "'a mobile station 10-. moves : . out of .range of the 

• ;,j personal base station 12, the. .-.mobile station 10 may begin to 
30""'* communicate with a". cellular base: station 38 of _,a cellular 
' • network '36-. 'The personal base! . station 12 ; may "hand-off" the 
mobile station" 10 to a .. cellular-- 'network 3,6 when the mobile 
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st-ktibn 10- moves ^ out of range, of the pe-r.sonal .base station, 12. 

The cellular network 36 then routes a call from th : e mobile 
station '• 10 to a'" wired network .24,, for example a PSTN . 
Alternatively-, a -user at a r mobile station 10 may manually 
5 select or cause"- " the-'- - mobile station 10 to - redirect 
transmissions - ; to a cellular o network . 36. Similarly, when a 
mobile station 10 '-which- -i has . been communicating to a cellular 
network'^ 36 comes * into ; close; /proximity to a personal base 
station 12, the cellular network 36 may hand off the mobile 
10' • station- 10 to the personal base statio.n : 12 either by 
autonomous action of the --personal base station- 12 or by manual 
action of the. user at the mobile station. :■' Thus, a . user can 
reduce cellular telephone charges by. routing, calls through a 
-personal base station 12 when his mobile r - station 10 is in 
15 '-close proximity to the .personal ..base 'station ,12 . 

Fig. 4 'depicts, a .method for; transmitting. . data, 
including commands, 'from' a either a .mobile station , 10 or a 
wired network 24 to -application : .equipment . . . In step *40, 
personal base station- 12 waits for data . to _be : ^received . -If no' 
20 data is received, - step - 4 0 Is- repeated.; If data is received,, 
bi-directional verification vis - performed by . - the ;.secur-ity 
module 16 in step 42 to authenticate the mobile- station. 10 or 
the wired network 24. I f .. the . .verification is -.successful in 
defiision' step 44, the personal base , station 12 receiver data, 
25~ including commands, from the. mobile - station, 10 ,or the... .wired 
network 24 in step 46.- Otherwise-, -if - ; .-verification of the 
mobile station 10 or * the -wired network ^24 -by the- t security 
~ : module.. .1.6 is not successful in step 4.4 , step 40 is invoked. 
Af ter data is received - in -step 46. by the- personal base -station 
30" 12, the personal base station 12. .translates the. data in step 
7 48, which data may -include commands, to the application 
: equipment r 26- specif ied " by :the data.. . Subsequently., method step 
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.40 is resumed. 

* Fig. 5 depicts a -method" of. transmitting data between 
a mobile station' 10 : arid -a' personal base station '12, ■ in which 
the • application interface 22 df- the -personal- base station 12 
■■ monitors -and "controls application equipment ■ 26 In step 50, 
the application interface 22 monitors and controls application 
equipment 26 coupled to the personal base station 12. An 
application interface performing monitoring and controlling 
may be implemented by a home automation system.. In step 52, 
the personal base station monitors whether data is to be sent 
or received. If no data is to be sent or received, step 50 is 
resumed. If data is to' be sent or received, bi-directional 
verification to authenticate a mobile station 10 or a wired 
network 24 to the personal base station 12 is undertaken in 
step 54 . 

If the authentication is not successful in step 56, 
step 50 is resumed. If authentication is successful in step 
56, the personal base station 12 receives data from or 
transmits data to a mobile station 10 or a wired network 24 in 
step 58. Then in step 60, if data has been received with 
commands for application equipment 26, the commands are 
translated -in-st-ep 6-2 -and sent -t-o- the appiicatron~ equipment "26 
for execution. If commands are not received for application 
equipment 26, in step 64 the personal base station determines 
whether data received from either the mobile station 10 or the 
wired network 24 is directed for monitoring or controlling of 
application equipment 26 performed in step 50. If not, step 
50 is resumed. If the data is for monitoring or controlling 
application equipment 26, step 66 is executed and the 
parameters used to monitor and control the application 
equipment in step 50 may be updated by the data received from 
the mobile station 10 or the wired network 24. Subsequently, 
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step 50 is resumed. ■* ■ 

Although iL specifi : c .-embodiment s-, t -of -the invention have 
been- disclosed,. : : it .will be. understood ..by those having skill in- 
the a.rt that; cha-nges can- be; made to. those specific embodiments 
without departing^.- from the : spirit" and the ■ scope, of the 
invention.. -. i . - . • I'- 
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CLAIMS : - ' - ■-■ 

What is claimed is: 

1 v 1. A personal base station, comprising: . : i 

2 ' 'a-' raclio transceiver receiving" data from and 

3 '■ transmitting- data to "a mobile -station, said data including 

4 commands ; 

5 ....... a security module, coupled to said radio 

6 " r transceiver, authenticating an identity of said mobile station 

7 using bi-directional, verification, and said security.;, module 

8 producing an output based on an authenticated, identity of said 

9 'mobile station; and ' - *" 

10^- ' an application' interface, coupled to said , -radio 

11-' transceiver ' and sard ■'security module, and being ■ cormectable to 

12 application equipment, said application interface translating 

13 - data received by said radio transceiver when permitted based 
14 : oh said output from said security module. 

1 2. The apparatus according ""to claim 1,.* wherein said 
2 • ' application interface- is coupled to said application 

3 ; equipment; and ; •'• • 

-4- wherein - ' said ~ application -interface- -trans lates —data - 

5 received from said radio transceiver /to said application 

6 equipment, permitting control of said application equipment by 
J' : said mobile "station. ■*'..* 

"1 c: '' : 3.-The apparatus according to claim 1,? 

2'-'- : 'wherein said application, interface: is coupled to; 

'-3 said application equipment;- and 

4 wherein said application interface translates data 

5 between said radio transceiver and said application equipment 

6 when permitted based on said output from said security module, 

12 
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thus permitting monitoring and control of said application 
equipment by said mobile station. 

4. The apparatus -according; .to claim 1, ( wherein said 
application interface monitors and- controls said application 
•equipment/ and said .-.application interface -as mocdif aablec- based 
on data received from said mobile station. • . 

"5. The personal base station, according to claim 4, further; 
^comprising : ■ - , „ • . . 

-,- a network : including at least' one -terminal; 

a baseband processing and telephony interface, 
coupled to said-, radio . transceiver '.and said network, 
transmitting. ..signals to . and receiving . signals from said 
terminal; and : ; 

a network interface coupled to said security module, 
said baseband processing and telephony interface, and said- 
application interface, said network interface converting said 
signals - from said network to and from data; and 

wherein said security module receives said -data from 
said network interface, authenticates an identity of said 
terminal on said network using a bi-directional verification 
scheme, and generates . ..an- output- based on . ap authenticated 
id'entity of said * terminal ; and. ^ ? 

wherein said application inte-rface . translates 
between said application equipment. and said digital 
information from said network - interface when permitted based 
on said output, .from said security module, and said application 
interface being modifiable-, based on said data from . said 
network. .. 
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1" 6.- The personal, base' station according toj .-claim. A , t wherein the 

2 personal" base: station ris . :imp 1 erne n ted- \/as ■ .- part T of a r home 

3 automation system, i' " . -;r ■: .... \ : ■ 

1 '■ 7. The personal base .station according to -claim 5, .wherein the 
•2 -personal--'- base, station is. . implemented; : as v part of. a home 

3 automation system.. - ? - ... , ■ :;: , ■■ 

1- 8. The "personal base station- according to claim 7 , wherein 

2 said application interface -includes.: . 

3 at least .one user interf ace unit displaying 

4 information to a user and allowing said user to input and 

5 display data on said application interface; 

6 • a memory for storing data-; 

7 a database for storing data; - ; . , . 

8 a data bus carrying data to and from said at least 
; 9 : " one user interface unit, said radio transceiver, said network 

10 interface, said security module, said memory, and said 

11 database; and • 

12 .a processor, transmitting ■ data to and receiving data 

13 from said data bus, said processor, monitoring and controlling 

14 said" 'application" -equipment,, and" said ., processor 7 transTating 
15- : data, when permitted based on said ; , output . from said security 

16 r module> ; -between -said radio transceiver, said at least, one user 

17 interface unit,."' and ..-said, network interface. and said 

18 ■ application - equipment , .and said processor being . configurable 

19 by a user. 

■ J i 9. The apparatus according 'to claim 1, wherein said bi- 

2 directional verification technique is based:, on . a GSM 

j 3— ■'authentication technique. ..; 
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1 - ^'.^:The apparatus' accbrding - to claim. : .l, wherein.,, said bi- 
2 : "' directional verification technique is-: based, on a TIA/EIA 

3 standard IS-136.1 authentication technique..-.? v 

1 11. The- apparatus according to: claim 1, wherein said bi- 

2 directional verification . technique. .. .i s , based on a TIA/EIA 

3 standard IS-136.2 authentication technique.;: ■ c .-;.:>.:■.■- 

1 12. The apparatus -according to claim 1,- wherein said bi- 

2 directional verification technique*:: --is based on a TIA/EIA 
'3 standard IS-95 authentication . technique . 

1 13. The apparatus = according to /claim 1, wherein said bi- 

2 directional verification technique ■• is- based on a TIA/EIA 

3 standard IS-91 authentication technique-. 

■1 14. The personal base station according to .claim 5, wherein 

2 ' said network verification . scheme is based .on an Aker 

3 authentication technique. 

1 15. The personal base station according to, claim 3., wherein a 

2 ■ : piece of said application equipment .produces an ; alarm signal 
: 3' in response to a -predetermined condition,. and said, application 
"4 interface receives said --alarm signal- and-, transmits = data to 

: 5 : sai'd mobile station via said radio' transmitter Indicating the 

6 presence of said alarm signal at said application equipment. 

1 16. A method for making secure transmissions between a mobile 

-2 station and application ^equipment, the .method comprising the 

3 steps of : * <.■*". ...... 

4 • receiving and transmitting data between a, -mobile 

5 station and a personal base station, said data including 
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6 
7. 
8 
9 
10 
11 

1 
2 
3 

1 
2 
3 

1 
2 



commands; 

authenticating an identity of said mobile station 
using bi-directional verification; and 

translating between said personal base station and 
said application equipment when the identity of "said mobile 
station is authenticated; ■ - • ; ■' 

17. The method according to. claim '16, 'further comprising the 
step of monitoring and controlling said application equipment 
by said personal base station. 

18. The method according to claim 17, wherein said monitoring 
: and controlling is modifiable "based oh data '.from said mobile 

station. . ^ ^ _ _ . t _ ... , ' ' 

19. The method -according 'to^'claim ,18, wherein the method is 
'performed by at least a "portion of a home automation system. 
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